Messages

1

Virtual private networks / Opnsense Yealink TLS errors

« on: May 04, 2021, 12:04:10 am »

I'm trying to get a Yealink handset to connect via OpenVPN to a local VoIP server through Opnsense.

Errors that is gets stuck on for the handset is:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Errors in the logs of the server side are:
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from [AF_INET]IP:PORT

All works fine on any desktop clients?

Any ideas?
Thanks,

2

21.1 Legacy Series / Re: OpenVPN access clients from LAN

« on: February 24, 2021, 10:41:27 pm »

Worked out the issue.

The gateway for the default firewall rule was set to a failover group on the LAN side. As this wasn't the default routing table it wasn't able to route to the VPN.

To fix this I added a new firewall, from = LAN network, to = VPN network, gateway = default and voila. LAN was now able to speak to VPN clients now too!

3

21.1 Legacy Series / OpenVPN access clients from LAN

« on: February 24, 2021, 04:09:10 pm »

Hi all,

I've used the OpenVPN wizard to setup the VPN successfully (including using AD for authentication). One of the OpenVPN clients is a Synology NAS which is used for a offsite backup location. The backup source is a server on the LAN.

OpenVPN clients can connect and communicate with LAN devices but not the other way around.

I've tried static routes but it doesn't allow creation without a parent interface which I've tried creating but doesn't seem to work.

Does anyone have any ideas?

Layout is:
LAN: 10.0.0.0/8
OpenVPN: 172.16.10.0/24

NAS for example gets 172.16.10.200/24
Server for example is: 10.0.10.50/8

NAS can ping and browse shares on 10.0.10.50 server. Server cannot ping or access 172.16.10.200 Synology.

Thanks all,